Abstract
Many discretionary Trojan Horse attacks can be defeated by a table-driven file name translation mechanism that has knowledge of the normal patterns of use of a computer system. File name translation is built into a protected subsystem, and the human user is queried about possible violations of discretionary access control policies. The technique is most effective against unauthorized tampering or sabotage and can be used in conjunction with non-discretionary security controls.
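The following is an added example, not code from the paper: it shows one way a protected subsystem could check a program's file requests against a table of normal use and query the user about anything outside it. The table layout, the program names `cc` and `edit`, the same-directory rule, and the `ask_user` callback are assumptions made for illustration.

```python
import fnmatch
import glob
import posixpath

# Hypothetical table of normal use (constructed for this example): for each
# program, the file names it is expected to touch, relative to the name the
# user typed. {name} is that file name, {stem} is the name without extension.
NORMAL_USE = {
    "cc":   {"read": ["{stem}.c", "*.h"], "write": ["{stem}.o"]},
    "edit": {"read": ["{name}"], "write": ["{name}", "{name}.bak"]},
}


class AccessDenied(Exception):
    """Raised when a request is outside the table and the user refuses it."""


def matches_normal_use(program, user_arg, requested, mode):
    """True if `requested` fits the table entry for `program` and `mode`."""
    arg = posixpath.normpath(user_arg)
    req = posixpath.normpath(requested)
    # Assumed rule: normal use stays in the directory of the file the user named.
    if posixpath.dirname(req) != posixpath.dirname(arg):
        return False
    name = posixpath.basename(arg)
    stem = posixpath.splitext(name)[0]
    for pattern in NORMAL_USE.get(program, {}).get(mode, []):
        # Escape glob characters in the user's own file name so that only the
        # wildcards written in the table act as wildcards.
        expected = pattern.format(stem=glob.escape(stem), name=glob.escape(name))
        if fnmatch.fnmatchcase(posixpath.basename(req), expected):
            return True
    return False


def translate(program, user_arg, requested, mode, ask_user):
    """Translate a file name for `program`; query the user on unusual requests.

    ask_user(program, path, mode) -> bool is called only when the request does
    not match the table. Returns the normalized path, or raises AccessDenied.
    """
    req = posixpath.normpath(requested)
    if matches_normal_use(program, user_arg, req, mode):
        return req
    if ask_user(program, req, mode):
        return req
    raise AccessDenied(f"{program}: {mode} {req}")
```

Paths are normalized before matching, so a request such as `src/../.profile` is judged by where it actually points rather than by its spelling.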